Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261675AbVCaTv3 (ORCPT ); Thu, 31 Mar 2005 14:51:29 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261697AbVCaTv3 (ORCPT ); Thu, 31 Mar 2005 14:51:29 -0500 Received: from wproxy.gmail.com ([64.233.184.196]:42064 "EHLO wproxy.gmail.com") by vger.kernel.org with ESMTP id S261675AbVCaTuh (ORCPT ); Thu, 31 Mar 2005 14:50:37 -0500 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; b=mkSqEBoJ6QAvPs3sXlzIXpLaplKW8b0mAN1Qlx7apJ6qQ7upadTLYOm8JpYA6ZMESGbUZ3uJqEOac8bDZE3zJE0OXT1WpWo3mssCoAHDkNxDE9l5iK2dkxVoFRRfeGgjlUS4C6oweZES5/9sivKmF+rwulqRS18dH4RinrNnX5k= Message-ID: <40f323d0050331115016b707f1@mail.gmail.com> Date: Thu, 31 Mar 2005 14:50:37 -0500 From: Benoit Boissinot Reply-To: Benoit Boissinot To: David Howells Subject: Re: [PATCH 3/3] Keys: Make request-key create an authorisation key Cc: torvalds@osdl.org, akpm@osdl.org, Michael A Halcrow , Trond Myklebust , linux-kernel@vger.kernel.org In-Reply-To: <29760.1111611165@redhat.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_1719_11416062.1112298637013" References: <29204.1111608899@redhat.com> <29760.1111611165@redhat.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 5821 Lines: 154 ------=_Part_1719_11416062.1112298637013 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On Wed, 23 Mar 2005 20:52:45 +0000, David Howells wrote: > > The attached patch makes the following changes: > > (6) One of the process keyrings can be nominated as the default to which > request_key() should attach new keys if not otherwise specified. This is > done with KEYCTL_SET_REQKEY_KEYRING and one of the KEY_REQKEY_DEFL_* > constants. The current setting can also be read using this call. > > > Signed-Off-By: David Howells > --- > @@ -903,6 +922,44 @@ long keyctl_negate_key(key_serial_t id, > > /*****************************************************************************/ > /* > + * set the default keyring in which request_key() will cache keys > + * - return the old setting > + */ > +long keyctl_set_reqkey_keyring(int reqkey_defl) > +{ > + int ret; > + > + switch (reqkey_defl) { > + case KEY_REQKEY_DEFL_THREAD_KEYRING: > + ret = install_thread_keyring(current); > + if (ret < 0) > + return ret; > + goto set; > + > + case KEY_REQKEY_DEFL_PROCESS_KEYRING: > + ret = install_process_keyring(current); > + if (ret < 0) > + return ret; > + > + case KEY_REQKEY_DEFL_DEFAULT: > + case KEY_REQKEY_DEFL_SESSION_KEYRING: > + case KEY_REQKEY_DEFL_USER_KEYRING: > + case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: > + set: > + current->jit_keyring = reqkey_defl; > + > + case KEY_REQKEY_DEFL_NO_CHANGE: > + return current->jit_keyring; > + > + case KEY_SPEC_GROUP_KEYRING: KEY_REQKEY_DEFL__GROUP_KEYRING > + default: > + return -EINVAL; > + } > + > +} /* end keyctl_set_reqkey_keyring() */ > + > @@ -267,21 +294,84 @@ static struct key *request_key_construct > > /*****************************************************************************/ > /* > + * link a freshly minted key to an appropriate destination keyring > + */ > +static void request_key_link(struct key *key, struct key *dest_keyring) > +{ > + struct task_struct *tsk = current; > + struct key *drop = NULL; > + > + kenter("{%d},%p", key->serial, dest_keyring); > + > + /* find the appropriate keyring */ > + if (!dest_keyring) { > + switch (tsk->jit_keyring) { > + case KEY_REQKEY_DEFL_DEFAULT: > + case KEY_REQKEY_DEFL_THREAD_KEYRING: > + dest_keyring = tsk->thread_keyring; > + if (dest_keyring) > + break; > + > + case KEY_REQKEY_DEFL_PROCESS_KEYRING: > + dest_keyring = tsk->signal->process_keyring; > + if (dest_keyring) > + break; > + > + case KEY_REQKEY_DEFL_SESSION_KEYRING: > + rcu_read_lock(); > + dest_keyring = key_get( > + rcu_dereference(tsk->signal->session_keyring)); > + rcu_read_unlock(); > + drop = dest_keyring; > + > + if (dest_keyring) > + break; > + > + case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: > + dest_keyring = current->user->session_keyring; > + break; > + > + case KEY_REQKEY_DEFL_USER_KEYRING: > + dest_keyring = current->user->uid_keyring; > + break; > + > + case KEY_REQKEY_DEFL_NO_CHANGE: gcc-4 warns about this (warning: case label value is less than minimum value for type) and it shouldn't be in jit_keyring anyway. > + case KEY_SPEC_GROUP_KEYRING: KEY_REQKEY_DEFL_GROUP_KEYRING > + default: > + BUG(); > + } > + } > + > + /* and attach the key to it */ > + key_link(dest_keyring, key); patch attached. regards, Benoit ------=_Part_1719_11416062.1112298637013 Content-Type: application/octet-stream; name="keys.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="keys.patch" U2lnbmVkLU9mZi1CeTogQmVub2l0IEJvaXNzaW5vdCA8YmVub2l0LmJvaXNzaW5vdEBlbnMtbHlv bi5vcmc+CgotLS0gLi9zZWN1cml0eS9rZXlzL3JlcXVlc3Rfa2V5LmMub3JpZwkyMDA1LTAzLTMx IDIxOjIzOjQzLjAwMDAwMDAwMCArMDIwMAorKysgLi9zZWN1cml0eS9rZXlzL3JlcXVlc3Rfa2V5 LmMJMjAwNS0wMy0zMSAyMTo0MTowMy4wMDAwMDAwMDAgKzAyMDAKQEAgLTMzNSw4ICszMzUsNyBA QCBzdGF0aWMgdm9pZCByZXF1ZXN0X2tleV9saW5rKHN0cnVjdCBrZXkgCiAJCQlkZXN0X2tleXJp bmcgPSBjdXJyZW50LT51c2VyLT51aWRfa2V5cmluZzsKIAkJCWJyZWFrOwogCi0JCWNhc2UgS0VZ X1JFUUtFWV9ERUZMX05PX0NIQU5HRToKLQkJY2FzZSBLRVlfU1BFQ19HUk9VUF9LRVlSSU5HOgor CQljYXNlIEtFWV9SRVFLRVlfREVGTF9HUk9VUF9LRVlSSU5HOgogCQlkZWZhdWx0OgogCQkJQlVH KCk7CiAJCX0KLS0tIC4vc2VjdXJpdHkva2V5cy9rZXljdGwuYy5vcmlnCTIwMDUtMDMtMzEgMjE6 NDE6MzUuMDAwMDAwMDAwICswMjAwCisrKyAuL3NlY3VyaXR5L2tleXMva2V5Y3RsLmMJMjAwNS0w My0zMSAyMTo0MjowMS4wMDAwMDAwMDAgKzAyMDAKQEAgLTk1MSw3ICs5NTEsNyBAQCBsb25nIGtl eWN0bF9zZXRfcmVxa2V5X2tleXJpbmcoaW50IHJlcWtlCiAJY2FzZSBLRVlfUkVRS0VZX0RFRkxf Tk9fQ0hBTkdFOgogCQlyZXR1cm4gY3VycmVudC0+aml0X2tleXJpbmc7CiAKLQljYXNlIEtFWV9T UEVDX0dST1VQX0tFWVJJTkc6CisJY2FzZSBLRVlfUkVRS0VZX0RFRkxfR1JPVVBfS0VZUklORzoK IAlkZWZhdWx0OgogCQlyZXR1cm4gLUVJTlZBTDsKIAl9Cg== ------=_Part_1719_11416062.1112298637013-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/